Vulnerability Disclosures

Liebert MultiLink Automated Shutdown v4.2.4 – Privilege Escalation

This is another insecure service binary vulnerability. Installing the software (used for the remote configuration of UPS settings and graceful shutdowns) also installs the service ‘LiebertM’, which runs as SYSTEM. The service points to a binary with weak permissions, allowing a low-privileged account to replace the binary and execute arbitrary code as SYSTEM.

After unsuccessfully attempting to contact the vendor on 28th July 2015 and CERT’s unsuccessful attempts thereafter, there is currently no known plan for a fix.

If you use this software, please check here for any future updates the vendor may provide.

########################################################

Proxycap v5.27 – Privilege Escalation Vulnerability

November 2015

When Proxycap v5.27 is installed in a non-default location (i.e. not C:\Program Files\Proxy Labs\ProxyCap\ or C:\Program Files (x86)\Proxy Labs\ProxyCap\), the “Authenticated Users” group has modify access to the executable file that the service (pcapsvc) points to. A low-privileged account can therefore replace this binary and execute arbitrary code as SYSTEM.

EPSON Network Utility – Privilege Escalation

I found that the SYSTEM run service installed with the Epson Network Utility v4.10 software points to a binary with weak permissions. A low privilege account can replace this binary to execute arbitrary code as SYSTEM.
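
All three advisories above describe the same condition: a service running as SYSTEM whose executable is writable by a broad group. The following audit script is an added example, not code from the original page or from any of the vendors. The function names and the list of "broad" principals are assumptions chosen for illustration.

```powershell
# Added example: list services that run as LocalSystem and whose binary
# can be modified by a broad, low-privileged group.
# Assumption: the principals below are the ones treated as "low privilege" here.
$broad = 'Everyone', 'BUILTIN\Users',
         'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE'

# Rights that allow replacing or altering a file (Modify and FullControl include these bits).
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # PathName may be quoted and may carry arguments; return the executable only.
    if ($PathName -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

function Test-WeakServiceBinary {
    param([string]$Path)
    # Emit one object per Allow ACE that gives a broad principal write-type access.
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $broad -contains $ace.IdentityReference.Value -and
            (([int]$ace.FileSystemRights) -band $writeMask) -ne 0) {
            [pscustomobject]@{
                Path     = $Path
                Identity = $ace.IdentityReference.Value
                Rights   = $ace.FileSystemRights
            }
        }
    }
}

Get-CimInstance Win32_Service |
    Where-Object { $_.StartName -eq 'LocalSystem' -and $_.PathName } |
    ForEach-Object {
        $svc = $_.Name
        $bin = Get-ServiceBinaryPath $_.PathName
        if ($bin -and (Test-Path -LiteralPath $bin)) {
            Test-WeakServiceBinary $bin |
                Select-Object @{ n = 'Service'; e = { $svc } }, Path, Identity, Rights
        }
    }
```

The script inspects only the ACL on the executable itself; a writable parent directory is a separate condition it does not report. An empty result means no service binary matched the chosen principals and rights.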